answer these QQuestionsDiscuss the legality and the ethicality of the Ashley Madison Web site. Discuss the legality and the ethicality of the actions of the hackers who attacked the Ashley Madison Web site.Discuss the legality and ethicality of the actions of people who copied the Ashley Madison data from the Dark Web and then made the data available on the open Web.Discuss the legality and ethicality of the reporters who used hacked (stolen) information in their stories.Discuss the legality and ethicality of the actions of Trustify.Are there differences in your answers to the first five questions? If so, then describe them. How do you account for them?What are the implications of the Ashley Madison breach for general privacy concerns regarding digital data?
homework__4___the_ashley_madison_breach.docx

Unformatted Attachment Preview

The Ashley Madison Breach
The Problem
Launched in 2001, Ashley Madison (www.ashleymadison.com) is
an online dating and social network service based in Canada.
Unlike most dating services, Ashley Madison marketed
specifically to people who are married or in a committed
relationship but are seeking an outside relationship. In mid-2015,
the site claimed 39 million members in 53 countries, and it
generated an estimated $115 million in annual revenue.
Significantly, Ashley Madison purportedly allowed users to hide
their account profiles for free. Users who wanted to delete their
accounts had to pay a $19 fee. Ashley Madison assured its users
that its “full delete option” removed all relevant data from the site:
user profiles, all messages sent and received, site usage history,
personally identifiable information, and photos.
On July 15, 2015, Ashley Madison was hacked by a group called
“The Impact Team.” The hackers claimed to have stolen personal
information about the site’s users, and it threatened to release
names, addresses, search histories, and credit card numbers if
the site did not immediately cease operations. The Impact Team
claimed their demand was caused by Ashley Madison’s failure to
delete users’ personal information following their invoiced
requests to do so.
When Ashley Madison ignored the demand, The Impact Team
launched its first data release on August 18, followed by a second
release three days later. The second batch of data included
Ashley Madison CEO Noel Biderman’s personal e-mails.
The data, which initially appeared on the Dark Web, were copied
and made public on the open Web. The Dark Web is the World
Wide Web content that exists on networks that require encryption,
specific software, or authorization to access. The Dark Web is not
indexed by search engines, and it can be accessed only through
a browser called Tor (www.torproject.org). The Dark Web is used
today for a wide range of anonymous activities including
communication by dissidents in authoritarian countries who wish
to access the Internet. It has also emerged as a platform for illegal
activities such as cybercrime, child pornography, and drug
trafficking.
Ashley Madison’s Attempts at a Solution
Immediately following The Impact Team’s announcement, CEO
Biderman confirmed the hack and asserted that the company was
“working diligently and feverishly” to try and stop the spread of the
leaked data. Ashley Madison released the following statement:
“We are actively monitoring and investigating this situation to
determine the validity of any information posted online … We will
continue to put forth substantial efforts into removing any
information unlawfully released to the public, as well as continuing
to operate our business.” In addition, the company issued
copyright takedown notices under the 1998 Digital Millennium
Copyright Act (DMCA) to multiple sites, claiming that “intellectual
property in the data” was being infringed upon. Many of the sites
complied with these requests.
Ashley Madison subsequently announced that it had secured its
site. It labeled the hack an act of “cyberterrorism,” and it
apologized to its users. The company offered $500,000
(Canadian) to anyone with information that leads to the
identification of the hackers. Finally, the site announced that in the
future it would delete user information free of charge, thus
eliminating the $19 fee.
The Results
By late August 2015, more than $1 billion in lawsuits had been
filed against Ashley Madison. On August 28, CEO Biderman
stepped down. According to the official press release, the senior
management team currently in place will continue to lead the
company.
Meanwhile, both the site and its users experienced further fallout
from the breach. For example, spammers quickly began to extort
people whose information was made public. One group, for
example, sent e-mails to Ashley Madison users demanding one
bitcoin (approximately $225) to prevent their information from
being shared. The group gave the users seven days before it
exposed them. In addition to extortion, victims of the breach risk
identity theft as well. Meanwhile, in 2015, Ashley Madison had
announced that it hoped to raise $200 million in an initial public
offering in London after it had failed in a previous IPO attempt in
Canada. Those plans are now in jeopardy. In fact, as of late 2015,
Ashley Madison’s very survival is questionable.
While the moral and ethical outrage surrounding the Ashley
Madison hack has received most of the headlines, industry
analysts maintain that the real issues are the assault on
consumer privacy and the inability of businesses to protect their
customers’ data. Analysts further predict that in the future
businesses will likely be held far more accountable for data
security than they have been in the past.
From a different perspective, private investigation startup Trustify
(www.trustify.info) capitalized on the Ashley Madison breach by
launching a service just after the attack that let anyone search the
data dump from the hackers. Trustify advertised its services to
suspicious partners who were concerned by a name that they
found on the list.
Sources: Compiled from R. Hackett, “CEO of Ashley Madison Parent
Company Stepping Down,” Fortune, August 28, 2015; L. Loeb, “Ashley
Madison Fallout: Investigations, Lawsuits, Lessons,” InformationWeek,
August 26, 2015; R. King, “IBM Advises Companies to Keep Networks
Free from Dark Web,” The Wall Street Journal, August 26, 2015; B.
Krebs, “Who Hacked Ashley Madison?” Krebs on Security, August 26,
2015; M. Slater-Robins, “Here’s What Ashley Madison’s $19 ‘Full Delete’
Feature Actually Removes,” Business Insider, August 26, 2015; J.
Greenberg, “Private Investigator Startup Exploits Ashley Madison Hack,”
Wired, August 25, 2015; A. Blake, “Ashley Madison Hack Could Cost
Dating Site More than $1 Billion as Lawsuits Mount,” The Washington
Times, August 25, 2015; W. Ashford, “Avid Life Media Offers Reward for
Information on Ashley Madison Hack as Writs Loom,” Computer Weekly,
August 25, 2015; D. George-Cosh, “Canadian Police Call Ashley
Madison Hack Criminal,” The Wall Street Journal, August 24, 2015; “The
Ashley Madison Hack… in 2 Minutes,” CNN Money, August 24, 2015;
“Ashley Madison Users Now Facing Extortion,” CNN Money, August 21,
2015; B. Cole, “Will Data Privacy Finally Come to the Fore, Post Ashley
Madison Hack?” TechTarget, August 21, 2015; “Ashley Madison Tries to
Stop the Spread of Its Leaked Data,” CNN Money, August 21, 2015; C.
Welch, “Ashley Madison’s $19 ‘Full Delete’ Option Made the Company
Millions,” The Verge, August 19, 2015; “Ashley Madison Probes Veracity
of Data Leaked by Hackers,” CNBC, August 19, 2015; “Hackers Expose
First Ashley Madison Users,” CBS News, July 22, 2015; Q. Fottrell,
“Ashley Madison May Have to Kiss Its IPO Goodbye,” Market Watch,
July 21, 2015; B. Krebs, “Online Cheating Site Ashley Madison Hacked,”
Krebs on Security, July 19, 2015; www.ashleymadison.com, accessed
August 29, 2015.
Questions
1. Discuss the legality and the ethicality of the Ashley Madison
Web site.
2. Discuss the legality and the ethicality of the actions of the
hackers who attacked the Ashley Madison Web site.
3. Discuss the legality and ethicality of the actions of people
who copied the Ashley Madison data from the Dark Web and
then made the data available on the open Web.
4. Discuss the legality and ethicality of the reporters who used
hacked (stolen) information in their stories.
5. Discuss the legality and ethicality of the actions of Trustify.
6. Are there differences in your answers to the first five
questions? If so, then describe them. How do you account
for them?
7. What are the implications of the Ashley Madison breach for
general privacy concerns regarding digital data?

Purchase answer to see full
attachment